Directives of technology company DigitalOcean confirmed that it has been the victim of a data breach due to a flaw in the storage system of its customers’ billing data. Via an email sent to affected users, the cloud host signature noted that the flaw allowed unauthorized access to billing data stored between April 9th and 22.
In the message, the company mentions that “thanks to a flaw that has already been fixed, an unauthorized user gained access to some details of user accounts, including billing data.” The message also notes that the compromised information includes details such as:
- Full names
- Billing address
- Expiration of payment cards
- Last four digits of payment cards
- Payment card issuing bank
While the company asserts that the flaw exploited by the attackers has already been corrected and the incident has been notified to the relevant authorities, there are still multiple doubts about it, so DigitalOcean is expected to provide further details once the investigation is complete.
On the other hand, Tyler Healy, vice president of security at DigitalOcean stated that the incident exposed information about less than 1% of the company’s accounts, so they expect the vast majority of users to be safe from the leak.
DigitalOcean appears to be a frequent target of threat actors. About a year ago the company acknowledged that its systems were affected by a data breach that resulted in the exposure of some personal records. The filtration was not detected until the systems were restored.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.